From dc903a7621d584b42b9c4bebee1519321d469727 Mon Sep 17 00:00:00 2001 From: ja Date: Fri, 15 Oct 2021 16:50:28 +0200 Subject: [PATCH] =?UTF-8?q?Logik=20ge=C3=A4ndert?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- login/ChangePW.aspx.vb | 74 +++++------ login/ForgotPW.aspx | 8 +- login/ForgotPW.aspx.vb | 296 ++++++++++++++++++++++------------------- 3 files changed, 200 insertions(+), 178 deletions(-) diff --git a/login/ChangePW.aspx.vb b/login/ChangePW.aspx.vb index 8e33403..f0d73f9 100644 --- a/login/ChangePW.aspx.vb +++ b/login/ChangePW.aspx.vb @@ -70,49 +70,49 @@ Partial Class login_ChangePW tempstr = txt_Pw_M.Text Else tempstr = "Error01" - End If + End If - If txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr AndAlso txt_Pw_M.Text = String.Empty And txt_Pw_WH_M.Text = String.Empty Then - Msg = "PW erfolgreich geändert!" - Style = vbOKOnly + vbInformation + vbDefaultButton1 - Title = "Information" - regexval_txt_Pw.ForeColor = Drawing.Color.Green - regexval_txt_Pw.Text = "Password has been changed successfully!" - 'MsgBox(Msg, Style, Title) + If txt_Pw.Text = tempstr And txt_Pw_WH.Text = tempstr AndAlso txt_Pw_M.Text = String.Empty And txt_Pw_WH_M.Text = String.Empty Then + Msg = "PW erfolgreich geändert!" + Style = vbOKOnly + vbInformation + vbDefaultButton1 + Title = "Information" + regexval_txt_Pw.ForeColor = Drawing.Color.Green + regexval_txt_Pw.Text = "Password has been changed successfully!" + 'MsgBox(Msg, Style, Title) - ' If MsgBox(Msg, Style, Title).Ok Then - 'Response.Redirect("login_FLEX.aspx") - 'End If - ElseIf txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso txt_Pw.Text = String.Empty And txt_Pw_M.Text = String.Empty Then - Msg = "PW erfolgreich geändert!" - Style = vbOKOnly + vbInformation + vbDefaultButton1 - Title = "Information" - regexval_txt_Pw.ForeColor = Drawing.Color.Green - regexval_txt_Pw.Text = "Password has been changed successfully!" - 'MsgBox(Msg, Style, Title) + ' If MsgBox(Msg, Style, Title).Ok Then + 'Response.Redirect("login_FLEX.aspx") + 'End If + ElseIf txt_Pw_M.Text = tempstr And txt_Pw_WH_M.Text = tempstr AndAlso txt_Pw.Text = String.Empty And txt_Pw_M.Text = String.Empty Then + Msg = "PW erfolgreich geändert!" + Style = vbOKOnly + vbInformation + vbDefaultButton1 + Title = "Information" + regexval_txt_Pw.ForeColor = Drawing.Color.Green + regexval_txt_Pw.Text = "Password has been changed successfully!" + 'MsgBox(Msg, Style, Title) - ' If MsgBox(Msg, Style, Title).Ok Then - 'Response.Redirect("login_FLEX.aspx") - 'End If - ElseIf tempstr = "Error01" Then - regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed - regexval_txt_Pw.Text = "Password has not been changed successfully!" - ' Msg = "PW nicht erfolgreich geändert!" - ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 - ' Title = "Error" - 'MsgBox(Msg, Style, Title) - 'If MsgBox(Msg, Style, Title).Retry Then - 'Response.Redirect(Request.RawUrl) - 'ElseIf MsgBox(Msg, Style, Title).Abort Then - ' Response.Redirect("../newPageJulius_Sidebar.aspx") - 'ElseIf MsgBox(Msg, Style, Title).Ignore Then - ' Try + ' If MsgBox(Msg, Style, Title).Ok Then + 'Response.Redirect("login_FLEX.aspx") + 'End If + ElseIf tempstr = "Error01" Then + regexval_txt_Pw.ForeColor = Drawing.Color.MediumVioletRed + regexval_txt_Pw.Text = "Password has not been changed successfully!" + ' Msg = "PW nicht erfolgreich geändert!" + ' Style = vbAbortRetryIgnore + vbCritical + vbDefaultButton1 + ' Title = "Error" + 'MsgBox(Msg, Style, Title) + 'If MsgBox(Msg, Style, Title).Retry Then + 'Response.Redirect(Request.RawUrl) + 'ElseIf MsgBox(Msg, Style, Title).Abort Then + ' Response.Redirect("../newPageJulius_Sidebar.aspx") + 'ElseIf MsgBox(Msg, Style, Title).Ignore Then + ' Try - ' Catch ex As Exception + ' Catch ex As Exception - ' End Try - End If + ' End Try + End If End Sub diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx index 1580a73..2a8ef7f 100644 --- a/login/ForgotPW.aspx +++ b/login/ForgotPW.aspx @@ -287,7 +287,8 @@ - + + @@ -331,8 +332,9 @@ - - + + + diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb index 392a94e..7d7e576 100644 --- a/login/ForgotPW.aspx.vb +++ b/login/ForgotPW.aspx.vb @@ -19,176 +19,196 @@ Partial Class login_ForgotPW Dim password As String = String.Empty Dim email As String = String.Empty Dim tokenname As String = String.Empty - If txtEmail_M.Text = String.Empty And txt_Username_M.Text = String.Empty AndAlso String.IsNullOrWhiteSpace(txtEmail.Text) = False AndAlso String.IsNullOrWhiteSpace(txt_Username.Text) = False Then + If txtEmail_M.Text = "E-Mail" And txt_Username_M.Text = "Username" And Not txtEmail.Text = "E-Mail" And Not txt_Username.Text = "Username" And String.IsNullOrEmpty(txtEmail.Text) = False And String.IsNullOrEmpty(txt_Username.Text) = False Then + regexval_2_txt_Email_M.Enabled = False valreqtxtEmail_M.Enabled = False + valreqtxtusername_M.Enabled = False + valreqtxtusername.Enabled = True valreqtxtEmail.Enabled = True regexval_txt_Email_2.Enabled = True regexval_txt_Email.Enabled = True - regexval_2_txt_Email_M.Enabled = False + valreqtxtEmail.Validate() - check_UserName_regex.Validate() - If valreqtxtEmail.IsValid = True AndAlso check_UserName_regex.IsValid = True Then + If valreqtxtEmail.IsValid = True Then email = txtEmail.Text - username = txt_Username.Text ElseIf valreqtxtEmail.IsValid = False Then valreqtxtEmail.ErrorMessage = "Annotation: The given Domain is not the company domain." regexval_txt_Email.Validate() regexval_txt_Email_2.IsValid = True + End If + + valreqtxtusername.Validate() + If valreqtxtusername.IsValid = True Then + check_UserName_regex.Validate() If check_UserName_regex.IsValid = False Then check_UserName_regex.ErrorMessage = "Annotation: The Username does not match the requirements." Else - check_UserName_regex.IsValid = True + If check_UserName_regex.IsValid = True Then + username = txt_Username.Text + End If End If End If - 'Mobil - ElseIf txtEmail.Text = String.Empty And txt_Username.Text = String.Empty AndAlso String.IsNullOrWhiteSpace(txtEmail_M.Text) = False AndAlso String.IsNullOrWhiteSpace(txt_Username_M.Text) = False Then + MsgBox("3" + email + " " + username) + + 'Mobil + ElseIf txtEmail.Text = "E-Mail" And txt_Username.Text = "Username" And Not txtEmail_M.Text = "E-Mail" And Not txt_Username_M.Text = "Username" And String.IsNullOrEmpty(txtEmail_M.Text) = False And String.IsNullOrEmpty(txt_Username_M.Text) = False Then valreqtxtEmail_M.Enabled = True + regexval_2_txt_Email_M.Enabled = True regexval_txt_Email.Enabled = False regexval_txt_Email_2.Enabled = False - regexval_2_txt_Email_M.Enabled = True + valreqtxtusername.Enabled = False + valreqtxtusername_M.Enabled = True valreqtxtEmail_M.Validate() - check_UserName_regex_M.Validate() - If valreqtxtEmail_M.IsValid = True AndAlso check_UserName_regex_M.IsValid = True Then + + If valreqtxtEmail_M.IsValid = True Then email = txtEmail_M.Text - username = txt_Username_M.Text ElseIf valreqtxtEmail_M.IsValid = False Then valreqtxtEmail_M.ErrorMessage = "Annotation: The given Domain is not the company domain." - regexval_2_txt_Email_M.Validate() - valreqtxtEmail_M.IsValid = True - If check_UserName_regex_M.IsValid = False Then - check_UserName_regex_M.ErrorMessage = "Annotation: The Username does not match the requirements." - Else - check_UserName_regex_M.IsValid = True - End If + regexval_txt_Email_M.Validate() + regexval_txt_Email_2.IsValid = True End If - If String.IsNullOrEmpty(email) = False AndAlso String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True AndAlso String.IsNullOrEmpty(username) = False Then - - If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then - VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True - 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" - ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" - Else - VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False - ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" - 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" - End If - - Using con As New SqlConnection(ConnectionString) - ' Using cmd As New SqlCommand("Validate_User") - Using cmd As New SqlCommand("SELECT Username,Password,Email FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username") - ' cmd.CommandType = CommandType.StoredProcedure - cmd.Parameters.AddWithValue("@Username", username) - cmd.Connection = con - con.Open() - 'userId = Convert.ToInt32(cmd.ExecuteScalar()) - Dim dr As SqlDataReader = cmd.ExecuteReader() - If dr.Read() Then - username = dr("Username").ToString() - password = dr("Password").ToString() - email = dr("Email").ToString() - Try - If txt_Username.Text = dr("Username").ToString() And String.IsNullOrEmpty(txt_Username_M.Text) = True Then - check_UserName_regex_M.Enabled = False - check_UserName_regex.Enabled = True - check_UserName_regex.IsValid = True - username = txt_Username.Text - ElseIf txt_Username_M.Text = dr("Username").ToString() And String.IsNullOrEmpty(txt_Username.Text) = True Then - check_UserName_regex.Enabled = False - check_UserName_regex_M.Enabled = True - check_UserName_regex_M.IsValid = True - username = txt_Username_M.Text - ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = True AndAlso String.IsNullOrEmpty(txtEmail_M.Text) = True Then - check_UserName_regex_M.MatchTimeout = 3000 - check_UserName_regex_M.ErrorMessage = "No valid Username found in out database!" - check_UserName_regex_M.IsValid = False - ElseIf String.IsNullOrEmpty(txt_Username.Text) = False Then - check_UserName_regex.MatchTimeout = 3000 - check_UserName_regex.ErrorMessage = "No valid Username found in out database!" - check_UserName_regex.IsValid = False - End If - If (txtEmail.Text = dr("Email").ToString() And String.IsNullOrEmpty(txtEmail_M.Text)) = True Then - regexval_txt_Email_M.Enabled = False - regexval_txt_Email.Enabled = True - regexval_txt_Email.Validate() - email = txtEmail.Text - lblMessage.ForeColor = Color.Green - lblMessage.Text = "The given e-mail exists in our database." - ElseIf (txtEmail_M.Text = dr("Email").ToString() And String.IsNullOrEmpty(txtEmail.Text) = True) Then - regexval_txt_Email_M.Validate() - email = txtEmail_M.Text - lblMessage_M.ForeColor = Color.Green - lblMessage_M.Text = "The given e-mail exists in our database." - Else - lblMessage_M.ForeColor = Color.Red - lblMessage_M.Text = "The given e-mail does not exist in our database." - End If - - Catch ex As Exception - Dim Msg, Style, Title As String - Msg = "E-Mail validation failed!" & vbCrLf + "Please try again!" - Style = vbRetry + vbExclamation + vbDefaultButton1 - Title = "Authentication error!" - 'MsgBox(Msg, Style, Title) - 'If MsgBox(Msg, Style, Title).Yes Then - 'txtEmail.Text = String.Empty - 'txtEmail.Focus() - 'ElseIf MsgBox(Msg, Style, Title).No Then - 'End If - End Try - End If - End Using - con.Close() - End Using - If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email) - Session.Add("TokenforEmail", tokenname) - Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID)) - Else - tokenname = Session.Item("TokenforEmail") - End If - - If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) = True Then - 'password = RandomString(New Random, 10) - If (getDateoftoken(tokenname) = True) Then - 'Dim msgboxstyle = vbDefaultButton1 + vbOK - 'MsgBox(tokenname, msgboxstyle) - lblMessage.ForeColor = Color.Green - lblMessage.Text = "Token generated successfully." - 'MsgBox("Token generated successfully.") + valreqtxtusername_M.Validate() + If valreqtxtusername_M.IsValid = True Then + check_UserName_regex_M.Validate() + If check_UserName_regex_M.IsValid = False Then + check_UserName_regex_M.ErrorMessage = "Annotation: The Username does not match the requirements." Else - lblMessage.ForeColor = Color.Red - lblMessage.Text = "Token is not valid anymore. Please generate a new one by sending a new e-mail!" - 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!") - - If Session.Item("TokenforEmail") = Nothing Then - tokenname = genToken(username, password, email) - Session.Add("TokenforEmail", tokenname) - Else - tokenname = Session.Item("TokenforEmail") - End If + check_UserName_regex_M.IsValid = True End If - 'SendEmail(username, password, email) - 'MsgBox("Mail would be sent successfully!") - lblMessage.ForeColor = Color.Green - lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address." - ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) = False Then - 'MsgBox("Mail would not be sent successfully!") - lblMessage.ForeColor = Color.Red - If String.IsNullOrWhiteSpace(username) = True Then - lblMessage.Text = "Error10: Username not recognized Error!" - ElseIf String.IsNullOrWhiteSpace(email) = True Then - lblMessage.Text = "Error11: Email not recognized Error!" - ElseIf String.IsNullOrWhiteSpace(password) = True Then - lblMessage.Text = "An internal password searching error occured in our systems ." + If check_UserName_regex_M.IsValid = True Then + username = txt_Username_M.Text End If End If + + End If + MsgBox("Userdaten in App" + Environment.NewLine + email + Environment.NewLine + username + Environment.NewLine + "Userdaten desktop" + txt_Username.Text + Environment.NewLine + txtEmail.Text + Environment.NewLine + "Userdaten Mobil:" + Environment.NewLine + txtEmail_M.Text + Environment.NewLine + txt_Username_M.Text) + If String.IsNullOrEmpty(email) = False And String.IsNullOrEmpty(tokenname) = True And String.IsNullOrEmpty(password) = True And String.IsNullOrEmpty(username) = False Then + If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True + 'ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=sa;Pwd=BmWr501956" + ConnectionString = "Server=DEVELOPER\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" Else - 'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08") + VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = False + ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" + 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" + End If + + Using con As New SqlConnection(ConnectionString) + ' Using cmd As New SqlCommand("Validate_User") + Using cmd As New SqlCommand("SELECT Username,Password,Email FROM [VERAG_HOMEPAGE].[dbo].[Users] WHERE Username=@Username") + ' cmd.CommandType = CommandType.StoredProcedure + cmd.Parameters.AddWithValue("@Username", username) + cmd.Connection = con + con.Open() + 'userId = Convert.ToInt32(cmd.ExecuteScalar()) + Dim dr As SqlDataReader = cmd.ExecuteReader() + If dr.Read() Then + username = dr("Username").ToString() + password = dr("Password").ToString() + email = dr("Email").ToString() + Try + If txt_Username.Text = dr("Username").ToString() AndAlso txt_Username_M.Text = "Username" Then + check_UserName_regex_M.Enabled = False + check_UserName_regex.Enabled = True + check_UserName_regex.IsValid = True + username = txt_Username.Text + ElseIf txt_Username_M.Text = dr("Username").ToString() AndAlso txt_Username.Text = "Username" Then + check_UserName_regex.Enabled = False + check_UserName_regex_M.Enabled = True + check_UserName_regex_M.IsValid = True + username = txt_Username_M.Text + ElseIf String.IsNullOrEmpty(txt_Username_M.Text) = True AndAlso String.IsNullOrEmpty(txtEmail_M.Text) = True Then + check_UserName_regex_M.MatchTimeout = 3000 + check_UserName_regex_M.ErrorMessage = "No valid Username found in out database!" + check_UserName_regex_M.IsValid = False + ElseIf String.IsNullOrEmpty(txt_Username.Text) = False Then + check_UserName_regex.MatchTimeout = 3000 + check_UserName_regex.ErrorMessage = "No valid Username found in out database!" + check_UserName_regex.IsValid = False + End If + If (txtEmail.Text = dr("Email").ToString() AndAlso txtEmail_M.Text = "E-mail") Then + regexval_txt_Email_M.Enabled = False + regexval_txt_Email.Enabled = True + regexval_txt_Email.Validate() + email = txtEmail.Text + lblMessage.ForeColor = Color.Green + lblMessage.Text = "The given e-mail exists in our database." + ElseIf (txtEmail_M.Text = dr("Email").ToString() And txtEmail.Text = "E-mail") Then + regexval_txt_Email_M.Validate() + email = txtEmail_M.Text + lblMessage_M.ForeColor = Color.Green + lblMessage_M.Text = "The given e-mail exists in our database." + Else + lblMessage_M.ForeColor = Color.Red + lblMessage_M.Text = "The given e-mail does not exist in our database." + End If + + Catch ex As Exception + Dim Msg, Style, Title As String + Msg = "E-Mail validation failed!" & vbCrLf + "Please try again!" + Style = vbRetry + vbExclamation + vbDefaultButton1 + Title = "Authentication error!" + 'MsgBox(Msg, Style, Title) + 'If MsgBox(Msg, Style, Title).Yes Then + 'txtEmail.Text = String.Empty + 'txtEmail.Focus() + 'ElseIf MsgBox(Msg, Style, Title).No Then + 'End If + End Try + End If + End Using + con.Close() + End Using + If Session.Item("TokenforEmail") = Nothing Then + tokenname = genToken(username, password, email) + Session.Add("TokenforEmail", tokenname) + Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID)) + Else + tokenname = Session.Item("TokenforEmail") + End If + + If SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) = True Then + 'password = RandomString(New Random, 10) + If (getDateoftoken(tokenname) = True) Then + 'Dim msgboxstyle = vbDefaultButton1 + vbOK + 'MsgBox(tokenname, msgboxstyle) + lblMessage.ForeColor = Color.Green + lblMessage.Text = "Token generated successfully." + 'MsgBox("Token generated successfully.") + Else + lblMessage.ForeColor = Color.Red + lblMessage.Text = "Token is not valid anymore. Please generate a new one by sending a new e-mail!" + 'MsgBox("Token is not valid anymore. Please generate a new one by sending a new e-mail!") + + If Session.Item("TokenforEmail") = Nothing Then + tokenname = genToken(username, password, email) + Session.Add("TokenforEmail", tokenname) + Else + tokenname = Session.Item("TokenforEmail") + End If + End If + 'SendEmail(username, password, email) + 'MsgBox("Mail would be sent successfully!") + lblMessage.ForeColor = Color.Green + lblMessage.Text = "The password has been sent sucessfully on the given valid e-mail address." + ElseIf SendEmail(username, password, email, VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)) = False Then + 'MsgBox("Mail would not be sent successfully!") lblMessage.ForeColor = Color.Red + If String.IsNullOrWhiteSpace(username) = True Then + lblMessage.Text = "Error10: Username not recognized Error!" + ElseIf String.IsNullOrWhiteSpace(email) = True Then + lblMessage.Text = "Error11: Email not recognized Error!" + ElseIf String.IsNullOrWhiteSpace(password) = True Then + lblMessage.Text = "An internal password searching error occured in our systems ." + End If + End If + Else + 'MsgBox("The form has not been filled completeley.", MsgBoxStyle.Critical, "Error08") + lblMessage.ForeColor = Color.Red lblMessage.Text = "The form has not been filled completeley." End If - End If + End Sub 'Function RandomString(r As Random, max As Integer) As String